Re: SSH scripting

From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 03/26/04


Date: Fri, 26 Mar 2004 08:34:35 -0500

Sensei wrote:
> On Tue, 23 Mar 2004 10:50:20 -0500, Chris Vidal wrote:
>
>> Can someone either tell me how to accomplish this or point me to a
>> doc that describes this.
>
> Search for ``ssh no password login'' and generate all private/public
> keys, move them to the ssh server and then make a simple scp: you
> won't use passwords and so you can use script for whatever you want.
> A)bort, R)etry, I)nfluence with large hammer.

Then slap the idiot in the head for suggesting this commonly used and
amazingly dangerous technique. It's the equivalent of taping the user's
password to their monitor: once someone manages to get the file that has the
passwordless key on one machine, they have remote access to a user account
on the other machine. It's a direct violation of the most basic standards of
how to use a secure tool: you may as well just put the files on an FTP site
and put the FTP site password in a shell script.

Instead, pick up a copy of Richard Silverman's book from O'Reilly Associates
publishers with details on how to do this using "ssh-agent" to store the
password-unlocked key in a way accessible from your SSH client for
overnight usage. And review whether SSH is really what you need, or whether
"rsync" can do the job more simply but safely enough for your needs. If you
really need to have passwords or user keys, you might also consider using
the ssh-agent key with the file server using chroot cages
(chroot.sourceforge.net).


